CN112788026A

CN112788026A - Information management method and management system based on mobile internet and biological authentication

Info

Publication number: CN112788026A
Application number: CN202110016411.XA
Authority: CN
Inventors: 王红根
Original assignee: Individual
Current assignee: Individual
Priority date: 2020-08-20
Filing date: 2020-08-20
Publication date: 2021-05-11
Also published as: CN112788027A; CN112019532B; CN112019532A

Abstract

The embodiment of the application provides an information management method and a management system based on mobile internet and biological authentication, by acquiring terminal access authentication information uploaded by a target service terminal which performs mutual authentication and interconnection with each service member unit, and after extracting the terminal access authentication information of the service member unit, determining the application fingerprint mapping information of the service member unit and the access digital watermark mapping information of the service member unit, so that according to the application fingerprint mapping information of the service member unit and the encrypted deployment data of the mobile internet device in the service member unit, configuring the applied fingerprint authentication environment of the mobile internet device in the service member unit, and synchronously mapping information according to the access digital watermark of the service member unit, and configuring an access digital watermark authentication environment of the mobile Internet equipment in the service member unit. Therefore, the condition that the external target service terminal has abnormal verification can be avoided.

Description

Information management method and management system based on mobile internet and biological authentication

Technical Field

The application relates to the technical field of mobile internet, in particular to an information management method and a management system based on mobile internet and biometric authentication.

Background

At present, with the rapid development of the mobile internet, in many scenes, biometric authentication methods such as human faces and fingerprints of users are required to prove the identities of the users, so that the users are required to register accounts in many places, personal information such as face brushing and fingerprints of the users is required to be left in many places, and troubles are brought to the users and the safety problem of personal privacy information is caused. In the prior art, a security credential identification result of each biometric authentication action is generally determined through environmental security analysis, so that a subsequent security code calling program is effectively determined based on the security credential identification result, and the subsequent internet security is improved. However, in the subsequent process of performing security credential verification, considering that the external target terminal usually establishes a prior authentication with the internet service at the time of security authentication in advance, it is necessary to provide an encryption deployment scheme for such target terminal, so as to avoid the situation that the external target service terminal has abnormal verification.

Disclosure of Invention

In view of this, an object of the present application is to provide an information management method and a management system based on mobile internet and biometric authentication, which can provide an effective encryption deployment scheme for a target service terminal, thereby facilitating subsequent error-free verification and avoiding the situation that the target service terminal has abnormal verification.

According to a first aspect of the present application, there is provided a mobile internet and biometric authentication-based information management method applied to a cloud service platform communicatively connected to a plurality of mobile internet devices, the method including:

acquiring target biological authentication certificates embedded with a security code calling program corresponding to the plurality of mobile internet devices during biological authentication identification, performing access verification encryption deployment on each mobile internet device according to the target biological authentication certificates embedded with the security code calling program, and acquiring encryption deployment data of each mobile internet device, wherein the mobile internet devices are located in different service member units in a target internet service member group, and the encryption deployment data comprises application fingerprint encryption deployment information and access digital watermark encryption deployment information of the mobile internet devices;

acquiring terminal access authentication information uploaded by a target service terminal which performs bidirectional authentication interconnection with each service member unit, wherein the terminal access authentication information comprises application fingerprint configuration information and access digital watermark configuration information;

for each service member unit, extracting terminal access authentication information of the service member unit to obtain extraction information, and determining application fingerprint mapping information of the service member unit and access digital watermark mapping information of the service member unit based on the extraction information;

and configuring an application fingerprint authentication environment of the mobile internet equipment in the service member unit according to the application fingerprint mapping information of the service member unit and the encrypted deployment data of the mobile internet equipment in the service member unit, and configuring an access digital watermark authentication environment of the mobile internet equipment in the service member unit according to the access digital watermark mapping information of the service member unit.

In a possible implementation manner of the first aspect, the extracting the terminal access authentication information of the service member unit to obtain the extraction information includes:

if the terminal access authentication information is access digital watermark configuration information, converting the access digital watermark configuration information into watermark scrambling character string information;

dividing and analyzing the watermark scrambling character string information to obtain character string service segments in the watermark scrambling character string information, and identifying the character string service segments according to the corresponding relation between a preset character string and a digital watermark before matching service to obtain access digital watermark mapping information corresponding to the watermark scrambling character string information;

and obtaining the extraction information according to the access digital watermark mapping information.

if the terminal access authentication information of the service member unit is application fingerprint configuration information, determining an application fingerprint key generation list of a target service terminal corresponding to the application fingerprint configuration information, wherein the application fingerprint key generation list is used for representing an application fingerprint key generation strategy of the target service terminal corresponding to the application fingerprint configuration information;

determining an application fingerprint matrix of a target service terminal corresponding to the application fingerprint configuration information according to the application fingerprint key generation list, and performing decision classification on the application fingerprint configuration information according to the application fingerprint matrix to obtain target application fingerprint configuration information;

performing bidirectional certificate table item division on the target application fingerprint configuration information to obtain a plurality of bidirectional certificate table items corresponding to the target application fingerprint configuration information, listing certificate authorization services of all bidirectional certificate table items, establishing a certificate authorization service matrix, wherein the certificate authorization service matrix comprises a plurality of matrix distribution elements, each matrix distribution element corresponds to one certificate authorization service, and the matrix distance between every two matrix distribution elements represents the service association degree between the certificate authorization services corresponding to the two matrix distribution elements;

clustering all matrix distribution elements in the certificate authority service matrix according to the matrix distance between every two matrix distribution elements in the certificate authority service matrix to obtain at least a plurality of target matrix distribution element queues, determining a service authentication item of each target matrix distribution element queue according to service coverage information of the certificate authority service corresponding to each matrix distribution element in each target matrix distribution element queue, and determining a current queue corresponding to a preset authentication item from the service authentication items;

determining application fingerprint mapping information corresponding to the target application fingerprint configuration information according to fingerprint authorization protocol channel information in the certificate authorization service corresponding to each matrix distribution element in the current queue, and determining the extraction information according to the application fingerprint mapping information, wherein the fingerprint authorization protocol channel information is used for representing the application fingerprint mapping information in each bidirectional certificate table entry in the certificate authorization service.

In a possible implementation manner of the first aspect, the determining, based on the extracted information, application fingerprint mapping information of the service member unit and access digital watermark mapping information of the service member unit includes:

determining application fingerprint mapping information of the service member unit according to first extraction information in the extraction information, wherein the first extraction information is extraction information corresponding to application fingerprint configuration information of the service member unit;

and determining the access digital watermark mapping information of the service member unit according to second extraction information in the extraction information, wherein the second extraction information is extraction information corresponding to the access digital watermark configuration information of the service member unit.

In a possible implementation manner of the first aspect, the configuring, according to the application fingerprint mapping information of the service member unit and the encrypted deployment data of the mobile internet device in the service member unit, an application fingerprint authentication environment of the mobile internet device in the service member unit includes:

acquiring an application fingerprint unit area deployment node matched with encrypted deployment data of mobile internet equipment in the service member unit, application fingerprint code information and historical fingerprint update code information associated with the application fingerprint unit area deployment node from an application fingerprint preset element list mapped by application fingerprint mapping information of the service member unit, wherein the historical fingerprint update code information comprises fingerprint update code information of at least one historical authentication node;

inputting the application fingerprint code information and the historical fingerprint update code information into a nearest neighbor search package model, performing key matching code region extraction on the application fingerprint code information through the nearest neighbor search package model and a preset service authentication code range of the mobile internet device to obtain first key matching code region characteristics, and performing key matching code region extraction on each historical fingerprint update code information to obtain second key matching code region characteristics;

performing verification environment marking processing on each feature unit in the first key matching code area feature to obtain a first verification environment feature bitmap for representing the verification environment feature of the application fingerprint code information, and performing verification environment marking processing on each feature unit in the second key matching code area feature to obtain a second verification environment feature bitmap for representing the verification environment feature of the historical fingerprint update code information;

calculating common bitmap nodes between the first authentication environment feature bitmap and each second authentication environment feature bitmap, and taking the calculated common bitmap nodes as common bitmap nodes of the application fingerprint code information and the historical fingerprint update code information;

determining the common bitmap node obtained by calculation as a corresponding adaptation node when corresponding application fingerprint code information is adapted to the historical fingerprint updating code information; the adaptation node is used for measuring the code part of the application fingerprint code information related to the historical fingerprint updating code information;

based on the first key matching code area characteristic and a third key matching code area characteristic of the application fingerprint unit area deployment node, determining adaptable authentication node information of the application fingerprint code information on the application fingerprint unit area deployment node, and operating the adaptable authentication node information and the adaptation node to obtain an adaptable authentication node set of the application fingerprint unit area deployment node for the adaptable authentication node configuration information of the application fingerprint code information and the historical fingerprint update code information of the application fingerprint unit area deployment node;

according to the configuration information of the adaptable authentication node and the adaptable authentication node set corresponding to the condition that the adaptable node reaches the adaptation condition, determining environment adaptation characteristic information corresponding to the adaptable authentication node set in the configuration information of the adaptable authentication node, and configuring an application fingerprint authentication environment of the application fingerprint matched with the environment adaptation characteristic information by the mobile internet equipment in the service member unit according to the extracted environment adaptation characteristic information.

In a possible implementation manner of the first aspect, the configuring, according to the access digital watermark mapping information of the service member unit, an access digital watermark authentication environment of a mobile internet device in the service member unit includes:

according to the access digital watermark mapping information of the service member unit, determining the access digital watermark authentication activation state of the mobile internet equipment in the service member unit in a set service interval;

and according to the access digital watermark authentication activation state of the mobile internet equipment in the set service interval, carrying out encryption deployment on the access digital watermark authentication environment of the access digital watermark, in which the mobile internet equipment is in the activation state in the set service interval and is matched with the encryption deployment data.

In a possible implementation manner of the first aspect, after configuring an access digital watermark authentication environment of a mobile internet device in the service member unit according to the access digital watermark mapping information of the service member unit, the method further includes:

and processing the access verification instruction received by the mobile internet equipment according to the access digital watermark authentication environment and the application fingerprint authentication environment of the mobile internet equipment in each service member unit.

In a possible implementation manner of the first aspect, the step of obtaining target biometric authentication credentials embedded with a security code calling program corresponding to the plurality of mobile internet devices during biometric authentication identification includes:

performing certificate matching analysis on the biometric authentication verification information obtained in the biometric authentication identification process of the mobile internet equipment within a preset time period to obtain self-signed digital certificate matching information of the biometric authentication verification information;

performing element matching on the self-signed digital certificate matching information according to a preset token root certificate node set to obtain a root certificate matching node set;

respectively carrying out security certificate identification on each root certificate matching node in a root certificate matching node set by using a first security identification program and a second security identification program to obtain a security certificate identification result of the root certificate matching node set, wherein the first security identification program is a dynamic library link file for predicting a security environment certificate object according to the certificate verification attribute of each root certificate matching node, and the second security identification program is a dynamic library link file for predicting a security application certificate object according to the certificate verification attribute of each root certificate matching node;

and based on the safety certificate identification result, performing certificate signature processing on each corresponding root certificate matching node in the root certificate matching node set to obtain the target biological authentication certificate embedded with a safety code calling program.

In a possible implementation manner of the first aspect, the performing credential matching analysis on the biometric authentication verification information obtained in the biometric authentication verification process of the mobile internet device within a preset time period to obtain self-signed digital certificate matching information of the biometric authentication verification information includes:

according to a preset certificate matching strategy, sequentially determining target verification process record information lists corresponding to the biological authentication verification nodes in the biological authentication identification verification process in the biological authentication identification verification information; the biometric authentication verification node of the biometric authentication identification process is obtained by analyzing the biometric authentication identification verification information according to a corresponding certificate matching key node in a preset certificate matching strategy;

executing first target processing on each first verification process record information in the target verification process record information list respectively: inputting the first verification process record information into a pre-trained third safety identification program, outputting verification session plug-in information of the first verification process record information, and normalizing verification session plug-in parameters corresponding to each verification session call plug-in each first biological authentication identification verification subprocess into verification session plug-in target information, wherein the first biological authentication identification verification subprocess is a biological authentication identification verification subprocess in the first verification process record information; based on the verification session plug-in target information, utilizing a shared key negotiation characteristic determination rule to determine a shared key negotiation characteristic of the first verification process record information, then determining a verification session plug-in update parameter between two adjacent first biological authentication identification verification sub-processes, and normalizing the verification session plug-in update parameter into verification session plug-in update target information; updating target information based on the verification session plug-in, and determining an authentication security domain data structure of the first verification process record information by using an authentication security domain data structure determination rule; determining first self-signed digital certificate data of first verification process record information by using verification session plug-in information, shared key negotiation characteristics and an authentication security domain data structure, and taking each first self-signed digital certificate data as a first self-signed digital certificate data list;

performing a second target process on each first self-signed digital certificate data list: sequencing the first self-signed digital certificate data in the first self-signed digital certificate data list according to a time window sequence, determining each first verification process record information corresponding to a preset number of first self-signed digital certificate data, taking each first verification process record information as a selected target verification process record information list, and then performing the following operations on each selected first verification process record information combination: determining a verification negotiation difference between two adjacent second biometric authentication identification verification sub-processes by using a genetic fuzzy logic tree algorithm, and normalizing the verification negotiation difference into verification negotiation update data, wherein the verification negotiation update data corresponds to a selected first verification process record information combination, and in the two adjacent second biometric authentication identification verification sub-processes, the former second biometric authentication identification verification sub-process is a last biometric authentication identification verification sub-process of the former selected first verification process record information in the selected first verification process record information combination, and the latter second biometric authentication identification verification sub-process is a first biometric authentication verification sub-process of the latter selected first verification process record information in the selected first verification process record information combination, wherein two selected verification process record information in the selected first verification process record information combination, two selected target verification process record information lists corresponding to the biological authentication identification verification nodes respectively belonging to two adjacent biological authentication identification processes, wherein the second verification process record information comprises verification negotiation; the following operations are executed to the verification negotiation updating data corresponding to the biological authentication identification verification nodes of two adjacent biological authentication identification processes: traversing verification negotiation updating data corresponding to the biological authentication identification verification nodes of two adjacent biological authentication identification processes, and determining a selected first verification process record information combination corresponding to the target verification negotiation updating data; and determining each first verification process record information segment for comprehensive analysis according to each selected first verification process record information combination, wherein every two adjacent first verification process record information respectively belong to a target verification process record information list corresponding to a biological authentication verification node of two adjacent biological authentication identification processes, and sequentially splicing the contents in each adjacent first verification process record information to obtain self-signed digital certificate matching information of the biological authentication identification verification information.

According to a second aspect of the present application, there is provided an information management apparatus based on mobile internet and biometric authentication, applied to a cloud service platform communicatively connected to a mobile internet device, the apparatus including:

the first acquisition module is used for acquiring corresponding target biological authentication certificates embedded with security code calling programs when the plurality of mobile internet devices perform biological authentication identification, performing access verification encryption deployment on each mobile internet device according to the target biological authentication certificates embedded with the security code calling programs, and acquiring encryption deployment data of each mobile internet device, wherein the mobile internet devices are located in different service member units in a target internet service member group, and the encryption deployment data comprises application fingerprint encryption deployment information and access digital watermark encryption deployment information of the mobile internet devices;

the second acquisition module is used for acquiring terminal access authentication information uploaded by a target service terminal which performs bidirectional authentication interconnection with each service member unit, wherein the terminal access authentication information comprises application fingerprint configuration information and access digital watermark configuration information;

the extraction module is used for extracting terminal access authentication information of each service member unit to obtain extraction information, and determining application fingerprint mapping information of the service member unit and access digital watermark mapping information of the service member unit based on the extraction information;

and the encryption deployment module is used for configuring the application fingerprint authentication environment of the mobile internet equipment in the service member unit according to the application fingerprint mapping information of the service member unit and the encryption deployment data of the mobile internet equipment in the service member unit, and configuring the access digital watermark authentication environment of the mobile internet equipment in the service member unit according to the access digital watermark mapping information of the service member unit.

In a third aspect, an embodiment of the present invention further provides an information management system based on mobile internet and biometric authentication, where the information management system based on mobile internet and biometric authentication includes a cloud service platform and a mobile internet device communicatively connected to the cloud service platform;

the cloud service platform is used for acquiring corresponding target biological authentication certificates embedded with security code calling programs when the plurality of mobile internet devices perform biological authentication identification, performing access verification encryption deployment on each mobile internet device according to the target biological authentication certificates embedded with the security code calling programs, and acquiring encryption deployment data of each mobile internet device, wherein the mobile internet devices are located in different service member units in a target internet service member group, and the encryption deployment data comprises application fingerprint encryption deployment information and access digital watermark encryption deployment information of the mobile internet devices;

the cloud service platform is used for acquiring terminal access authentication information uploaded by a target service terminal which performs bidirectional authentication interconnection with each service member unit, wherein the terminal access authentication information comprises application fingerprint configuration information and access digital watermark configuration information;

the cloud service platform is used for extracting terminal access authentication information of each service member unit to obtain extraction information, and determining application fingerprint mapping information of the service member unit and access digital watermark mapping information of the service member unit based on the extraction information;

the cloud service platform is used for configuring an application fingerprint authentication environment of the mobile internet equipment in the service member unit according to the application fingerprint mapping information of the service member unit and the encrypted deployment data of the mobile internet equipment in the service member unit, and configuring an access digital watermark authentication environment of the mobile internet equipment in the service member unit according to the access digital watermark mapping information of the service member unit.

In a fourth aspect, an embodiment of the present invention further provides a cloud service platform, where the cloud service platform includes a processor, a machine-readable storage medium, and a network interface, where the machine-readable storage medium, the network interface, and the processor are connected through a bus system, the network interface is used for being communicatively connected to at least one mobile internet device, the machine-readable storage medium is used for storing a program, an instruction, or code, and the processor is used for executing the program, the instruction, or the code in the machine-readable storage medium to perform the mobile internet and biometric authentication based information management method in the first aspect or any one of the possible implementation manners in the first aspect.

In a fifth aspect, an embodiment of the present invention provides a computer-readable storage medium, where instructions are stored, and when executed, cause a computer to perform the information management method based on mobile internet and biometric authentication in the first aspect or any one of the possible implementation manners of the first aspect.

Based on any one of the above aspects, the application configures the application fingerprint authentication environment of the mobile internet device in the service member unit according to the application fingerprint mapping information of the service member unit and the encrypted deployment data of the mobile internet device in the service member unit, and synchronously configures the access digital watermark authentication environment of the mobile internet device in the service member unit according to the access digital watermark mapping information of the service member unit by acquiring the terminal access authentication information uploaded by the target service terminal which performs mutual authentication and interconnection with each service member unit, extracting the terminal access authentication information of the service member unit to obtain the extraction information, and then determining the application fingerprint mapping information of the service member unit and the access digital watermark mapping information of the service member unit. Therefore, an effective encryption deployment scheme can be provided for the target service terminal, so that subsequent error-free verification is facilitated, and the condition that the target service terminal is abnormal in verification is avoided.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.

Fig. 1 is a schematic diagram illustrating an application scenario of an information management system based on mobile internet and biometric authentication according to an embodiment of the present application;

fig. 2 is a flow chart illustrating an information management method based on mobile internet and biometric authentication according to an embodiment of the present application;

fig. 3 is a schematic diagram showing functional modules of an information management apparatus based on mobile internet and biometric authentication according to an embodiment of the present application;

fig. 4 shows a component structure diagram of a cloud service platform for executing the above-mentioned information management method based on mobile internet and biometric authentication according to an embodiment of the present application.

Detailed Description

In order to more clearly illustrate the technical solutions of the embodiments of the present disclosure, the drawings used in the description of the embodiments will be briefly described below. It is obvious that the drawings in the following description are only examples or embodiments of the present description, and that for a person skilled in the art, the present description can also be applied to other similar scenarios on the basis of these drawings without inventive effort. Unless otherwise apparent from the context, or otherwise indicated, like reference numbers in the figures refer to the same structure or operation.

It should be understood that "system", "device", "unit" and/or "module" as used in this specification is a method for distinguishing different components, elements, parts or assemblies at different levels. However, other words may be substituted by other expressions if they accomplish the same purpose.

As used in this specification and the appended claims, the terms "a," "an," "the," and/or "the" are not intended to be inclusive in the singular, but rather are intended to be inclusive in the plural, unless the context clearly dictates otherwise. In general, the terms "comprises" and "comprising" merely indicate that steps and elements are included which are explicitly identified, that the steps and elements do not form an exclusive list, and that a method or apparatus may include other steps or elements.

Flow charts are used in this description to illustrate operations performed by a system according to embodiments of the present description. It should be understood that the preceding or following operations are not necessarily performed in the exact order in which they are performed. Rather, the various steps may be processed in reverse order or simultaneously. Meanwhile, other operations may be added to the processes, or a certain step or several steps of operations may be removed from the processes.

Fig. 1 is an interaction diagram of an information management system 10 based on mobile internet and biometric authentication according to an embodiment of the present invention. The mobile internet and biometric authentication-based information management system 10 may include a cloud service platform 100 and a mobile internet device 200 communicatively connected to the cloud service platform 100. The mobile internet and biometric authentication-based information management system 10 shown in fig. 1 is only one possible example, and in other possible embodiments, the mobile internet and biometric authentication-based information management system 10 may include only a part of the components shown in fig. 1 or may also include other components.

In this embodiment, the cloud service platform 100 and the mobile internet device 200 in the mobile internet and biometric authentication based information management system 10 may cooperatively perform the mobile internet and biometric authentication based information management method described in the following method embodiment, and the specific steps performed by the cloud service platform 100 and the mobile internet device 200 may refer to the detailed description of the following method embodiment.

Based on the inventive concept of the technical solution provided by the present application, the cloud service platform 100 provided by the present application can be applied to scenes such as smart medical care, smart city management, smart industrial internet, general service monitoring management, and the like, in which a big data technology or a cloud computing technology can be applied, and for example, the cloud service platform can also be applied to, but not limited to, new energy automobile system management, smart cloud office, cloud platform data processing, cloud game data processing, cloud live broadcast processing, cloud automobile management platform, block chain financial data service platform, and the like.

In order to solve the technical problems in the foregoing background, fig. 2 is a flowchart illustrating an information management method based on mobile internet and biometric authentication according to an embodiment of the present invention, which may be executed by the cloud service platform 100 shown in fig. 1, and the information management method based on mobile internet and biometric authentication is described in detail below.

Step S110 is to obtain target biometric authentication credentials embedded with a security code calling program corresponding to the plurality of mobile internet devices 200, perform access verification encryption deployment on each mobile internet device 200 according to the target biometric authentication credentials embedded with the security code calling program, and obtain encryption deployment data of each mobile internet device 200.

Step S120, terminal access authentication information uploaded by the target service terminal which performs mutual authentication and interconnection with each service member unit is obtained.

Step S130, aiming at each service member unit, extracting the terminal access authentication information of the service member unit to obtain extraction information, and determining the application fingerprint mapping information of the service member unit and the access digital watermark mapping information of the service member unit based on the extraction information.

Step S140, configuring the application fingerprint authentication environment of the mobile internet device 200 in the service member unit according to the application fingerprint mapping information of the service member unit and the encrypted deployment data of the mobile internet device 200 in the service member unit, and configuring the access digital watermark authentication environment of the mobile internet device 200 in the service member unit according to the access digital watermark mapping information of the service member unit.

In this embodiment, the mobile internet device 200 is located in different service member units in the target internet service member group, and each service member unit may be configured with an internet service type of an internet service member in advance, such as a self-media service type, a game service type, and the like, but is not limited thereto.

In this embodiment, the encrypted deployment data may specifically include application fingerprint encryption deployment information and access digital watermark encryption deployment information of the mobile internet device 200. For example, after acquiring the target biometric authentication credentials embedded with the security code invoker corresponding to the plurality of mobile internet devices 200, the application fingerprint interception index and the access digital watermark interception index matching the security code invoker may be obtained from the target biometric authentication credentials embedded with the security code invoker, and the access verification encryption deployment may be performed on each mobile internet device 200 according to the application fingerprint interception index and the access digital watermark interception index.

In this embodiment, for each target service terminal, mutual authentication interconnection may be established with each service member unit in advance, specifically, the mutual authentication interconnection may be established by uploading a series of identity authentication information, and the corresponding terminal access authentication information may be uploaded in real time or at preset time intervals, and specifically, the terminal access authentication information may include application fingerprint configuration information and access digital watermark configuration information. For example, the terminal access authentication information may specifically include application fingerprint configuration information and access digital watermark configuration information allowed by its own device, or application fingerprint configuration information and access digital watermark configuration information extended by software, but is not limited thereto.

In this embodiment, the application fingerprint authentication environment may be used to represent an authentication environment of an application fingerprint generated during biometric authentication, and the access digital watermark authentication environment may be used to represent an authentication environment of a digital watermark associated with an application fingerprint generated during biometric authentication.

Based on the above steps, in this embodiment, the terminal access authentication information uploaded by the target service terminal performing mutual authentication and interconnection with each service member unit is acquired, and the terminal access authentication information of the service member unit is extracted to obtain the extraction information, and then the application fingerprint mapping information of the service member unit and the access digital watermark mapping information of the service member unit are determined, so that the application fingerprint authentication environment of the mobile internet device in the service member unit is configured according to the application fingerprint mapping information of the service member unit and the encrypted deployment data of the mobile internet device in the service member unit, and the access digital watermark authentication environment of the mobile internet device in the service member unit is configured synchronously according to the access digital watermark mapping information of the service member unit. Therefore, an effective encryption deployment scheme can be provided for the target service terminal, so that subsequent error-free verification is facilitated, and the condition that the target service terminal is abnormal in verification is avoided.

In a possible implementation manner, for step S130, in the process of extracting the terminal access authentication information of the service member unit to obtain the extracted information, the following exemplary sub-steps may be implemented, which are described in detail below.

And a substep S131, if the terminal access authentication information is access digital watermark configuration information, converting the access digital watermark configuration information into watermark scrambling character string information.

And a substep S132, segmenting and analyzing the watermark scrambling character string information to obtain character string service segments in the watermark scrambling character string information, and identifying the character string service segments according to the corresponding relation between the preset character strings and the digital watermark before matching the service to obtain access digital watermark mapping information corresponding to the watermark scrambling character string information.

And a substep S133 of obtaining the extraction information according to the access digital watermark mapping information.

In another possible implementation manner, for step S130, in the process of extracting the terminal access authentication information of the service member unit to obtain the extracted information, the following exemplary sub-steps may also be implemented, which are described in detail below.

And a substep S134, if the terminal access authentication information of the service member unit is the application fingerprint configuration information, determining an application fingerprint key generation list of the target service terminal corresponding to the application fingerprint configuration information, where the application fingerprint key generation list is used to represent an application fingerprint key generation policy of the target service terminal corresponding to the application fingerprint configuration information.

And a substep S135, determining an application fingerprint matrix of the target service terminal corresponding to the application fingerprint configuration information according to the application fingerprint key generation list, and performing decision classification on the application fingerprint configuration information according to the application fingerprint matrix to obtain target application fingerprint configuration information.

Substep S136, performing bidirectional certificate table entry division on the target application fingerprint configuration information to obtain a plurality of bidirectional certificate table entries corresponding to the target application fingerprint configuration information, listing certificate authorization services of each bidirectional certificate table entry, and establishing a certificate authorization service matrix, where the certificate authorization service matrix includes a plurality of matrix distribution elements, each matrix distribution element corresponds to one certificate authorization service, and a matrix distance between every two matrix distribution elements represents a service association degree between the certificate authorization services corresponding to the two matrix distribution elements.

And substep S137, clustering all matrix distribution elements in the certificate authority service matrix according to the matrix distance between every two matrix distribution elements in the certificate authority service matrix to obtain at least a plurality of target matrix distribution element queues, determining a service authentication item of each target matrix distribution element queue according to the service coverage information of the certificate authority service corresponding to each matrix distribution element in each target matrix distribution element queue, and determining a current queue corresponding to a preset authentication item from the service authentication items.

And a substep S138, determining application fingerprint mapping information corresponding to the target application fingerprint configuration information according to the fingerprint authorization protocol channel information in the certificate authorization service corresponding to each matrix distribution element in the current queue, and determining extraction information according to the application fingerprint mapping information, wherein the fingerprint authorization protocol channel information is used for representing the application fingerprint mapping information in each bidirectional certificate table entry in the certificate authorization service.

In a possible implementation manner, still referring to step S130, in the process of determining the application fingerprint mapping information of the service member unit and the access digital watermark mapping information of the service member unit based on the extracted information, the following exemplary sub-steps can be specifically implemented, which are described in detail below.

And a substep S1391, determining the application fingerprint mapping information of the service member unit according to the first extraction information in the extraction information.

The first extraction information is extraction information corresponding to the application fingerprint configuration information of the service member unit.

And a substep S1392, determining the access digital watermark mapping information of the service member unit according to the second extraction information in the extraction information.

And the second extraction information is extraction information corresponding to the access digital watermark configuration information of the service member unit.

In a possible implementation manner, for step S140, in configuring the application fingerprint authentication environment of the mobile internet device 200 in the service member unit according to the application fingerprint mapping information of the service member unit and the encrypted deployment data of the mobile internet device 200 in the service member unit, the following exemplary sub-steps may be specifically implemented, and the following detailed description is provided.

And a substep S141, obtaining an application fingerprint unit area deployment node matched with the encrypted deployment data of the mobile internet device 200 in the service member unit, and application fingerprint code information and historical fingerprint update code information associated with the application fingerprint unit area deployment node from the application fingerprint preset element list mapped by the application fingerprint mapping information of the service member unit.

The historical fingerprint updating code information comprises fingerprint updating code information of at least one historical authentication node.

And a substep S142, inputting the application fingerprint code information and the historical fingerprint updating code information into a nearest neighbor search package model, performing key matching code region extraction on the application fingerprint code information through the nearest neighbor search package model and a preset service authentication code range of the mobile internet equipment to obtain first key matching code region characteristics, and performing key matching code region extraction on each historical fingerprint updating code information to obtain second key matching code region characteristics.

And a substep S143, performing verification environment marking processing on each feature unit in the first key matching code region feature to obtain a first verification environment feature bitmap for representing the verification environment feature of the application fingerprint code information, and performing verification environment marking processing on each feature unit in the second key matching code region feature to obtain a second verification environment feature bitmap for representing the verification environment feature of the historical fingerprint update code information.

And a substep S144 of calculating a common bitmap node between the first authentication environment feature bitmap and each second authentication environment feature bitmap, and using the calculated common bitmap node as a common bitmap node for the application fingerprint code information and the historical fingerprint update code information.

And a substep S145, determining the common bitmap node obtained by calculation as a corresponding adapting node when the fingerprint code information is correspondingly adapted to the historical fingerprint updating code information. The adaptation node is adapted to measure the code portion of the application fingerprint code information in relation to the historical fingerprint update code information.

And a substep S146, based on the first key matching code region characteristic and the third key matching code region characteristic of the deployment node of the application fingerprint unit region, determining adaptable authentication node information of the deployment node of the application fingerprint unit region corresponding to the application fingerprint code information, and operating the adaptable authentication node information and the adaptation nodes to obtain an adaptable authentication node set of the deployment node of the application fingerprint unit region corresponding to the adaptable authentication node configuration information and the historical fingerprint update code information of the application fingerprint code information in the application fingerprint unit region.

And a substep S147, determining environment adaptation characteristic information corresponding to the adaptable authentication node set in the adaptable authentication node configuration information according to the adaptable authentication node configuration information and the adaptable authentication node set corresponding to the adaptation condition reached by the adaptation node, and configuring the application fingerprint authentication environment of the application fingerprint matched with the environment adaptation characteristic information for the mobile internet device 200 in the service member unit according to the extracted environment adaptation characteristic information.

In a possible implementation manner, still referring to step S140, in the process of configuring the access digital watermark authentication environment of the mobile internet device 200 in the service member unit according to the access digital watermark mapping information of the service member unit, the following exemplary sub-steps may be specifically implemented, which are described in detail below.

And a substep S148, determining an access digital watermark authentication activation state of the mobile internet device 200 in the service member unit in the set service interval according to the access digital watermark mapping information of the service member unit.

And a substep S149, performing encryption deployment on the access digital watermark authentication environment of the access digital watermark, in which the mobile internet device 200 is in the activated state in the set service interval and is matched with the encryption deployment data, according to the access digital watermark authentication activation state of the mobile internet device 200 in the set service interval.

Therefore, on the basis of the above description, the access verification instruction received by the mobile internet device 200 can be processed according to the access digital watermark authentication environment and the application fingerprint authentication environment of the mobile internet device 200 in each service member unit. For example, when at least one of the access digital watermark and the application fingerprint corresponding to the access verification instruction received by the mobile internet device 200 is in the authentication environment, the access verification instruction received by the mobile internet device 200 is intercepted, otherwise, the access verification instruction is released.

In one possible implementation manner, regarding step S110, in the process of acquiring the target biometric authentication credentials embedded with the security code invoking program corresponding to the plurality of mobile internet devices 200, the method may be implemented by various exemplary embodiments, for example, by the following exemplary sub-steps, which are described in detail below.

Step S111, performing credential matching analysis on the biometric authentication verification information obtained in the biometric authentication verification process of the mobile internet device 200 within a preset time period to obtain self-signed digital certificate matching information of the biometric authentication verification information.

And step S112, performing element matching on the self-signed digital certificate matching information according to a preset token root certificate node set to obtain a root certificate matching node set.

Step S113, the first safety identification program and the second safety identification program are used for respectively carrying out safety certificate identification on each root certificate matching node in the root certificate matching node set, and a safety certificate identification result of the root certificate matching node set is obtained.

And step S114, performing certificate signature processing on each root certificate matching node corresponding to the root certificate matching node set based on the safety certificate identification result to obtain the target biological authentication certificate embedded with the safety code calling program.

In this embodiment, the first security identification program is a dynamic library link file for predicting the credential object of the security environment according to the certificate verification attribute of each root certificate matching node, and the second security identification program is a dynamic library link file for predicting the credential object of the security application according to the certificate verification attribute of each root certificate matching node. As one possible example, the first security recognizer program and the second security recognizer program may include a Support Vector Machine (SVM), which is a generalized linear classifier that performs binary classification on data of each root certificate matching node in a root certificate matching node set in a supervised learning manner, and whose decision boundary is a maximum margin hyperplane that is solved for learning samples. For example, the SVM generally calculates an empirical risk using a hinge loss function and adds a regularization term to a solution system to optimize a structural risk, and is a classifier having sparsity and robustness. The specific training process for the first secure identification procedure and the second secure identification procedure will be described in detail later.

In this embodiment, the biometrics authentication verification information of the biometrics authentication process of the mobile internet device 200 can be understood as biometrics authentication verification record information of the biometrics authentication process generated in the communication process of the biometrics authentication process used by the mobile internet device 200 each time a communication request is initiated.

Based on the above steps, the present embodiment respectively passes through the identification models of the secure environment credential object and the secure application credential object, the heterogeneous characteristics of the secure environment credential object and the secure application credential object may be analyzed and identified separately, taking into account both time characteristics and data characteristics, rather than a single feature, more accurate security credential identification results may be obtained, and further, and performing credential signature processing on the obtained security credential identification result containing the security environment credential object and the security application credential object to obtain the target biological authentication credential embedded with the security code calling program, further improving the identification precision based on threat potential information of the security environment credential object and the security application credential object, and effectively determining the subsequent security code calling program so as to improve the security in the communication process.

For example, step S111 may be implemented by the following exemplary substeps, which are described in detail below.

And a substep S1111, determining in sequence a target verification process record information list corresponding to the biometric authentication verification nodes of the biometric authentication verification processes in the biometric authentication verification information according to a preset certificate matching policy. The biometric authentication verification node in the biometric authentication identification process is a corresponding certificate matching key node in a preset certificate matching strategy, and the biometric authentication identification verification node in the biometric authentication identification process is obtained after the biometric authentication identification verification information is analyzed.

Substep S1112, respectively executing a first target process on each first verification process record information in the target verification process record information list to obtain a first self-signed digital certificate data list:

in detail, first, the record information of the first verification process may be input into a third security identification program trained in advance, the verification session plug-in information of the record information of the first verification process is output, and the verification session plug-in parameter corresponding to each verification session call plug-in each first biometric authentication verification subprocess is normalized into the verification session plug-in target information, where the first biometric authentication verification subprocess is a biometric authentication verification subprocess in the record information of the first verification process. And then, based on the verification session plug-in target information, determining shared key negotiation characteristics of the first verification process record information by using a shared key negotiation characteristic determination rule, then determining verification session plug-in update parameters between two adjacent first biological authentication identification verification sub-processes, and normalizing the verification session plug-in update parameters into verification session plug-in update target information. And the target information can be updated based on the verification session plug-in, and the authentication security domain data structure of the first verification process record information can be determined by using the authentication security domain data structure determination rule. On the basis, first self-signed digital certificate data of first verification process record information are determined by using verification session plug-in information, shared key negotiation characteristics and an authentication security domain data structure, and each piece of first self-signed digital certificate data is used as a first self-signed digital certificate data list.

The substep S1113, executing a second target process to each first self-signed digital certificate data list to obtain self-signed digital certificate matching information of the biometric authentication verification information:

in detail, the first self-signed digital certificate data in the first self-signed digital certificate data list may be sorted according to a time window sequence, each first verification process record information corresponding to a preset number of first self-signed digital certificate data is determined, each first verification process record information is used as a selected target verification process record information list, and then the following operations are performed on each selected first verification process record information combination:

for example, a genetic fuzzy logic tree algorithm may be used to determine a verification negotiation difference between two adjacent second biometric authentication and verification sub-processes, and normalize the verification negotiation difference into verification negotiation update data corresponding to a selected first verification process record information combination, wherein, in the two adjacent second biometric authentication and verification sub-processes, a former second biometric authentication and verification sub-process is a last biometric authentication and verification sub-process of the previously selected first verification process record information in the selected first verification process record information combination, a latter second biometric authentication and verification sub-process is a first biometric authentication and verification sub-process of the later selected first verification process record information in the selected first verification process record information combination, wherein, two selected verification process record information in the selected first verification process record information combination, two selected target verification process record information lists corresponding to the biological authentication identification verification nodes respectively belonging to two adjacent biological authentication identification processes, wherein the second verification process record information comprises verification negotiation.

For example, the following operations may be performed on the verification negotiation update data corresponding to the biometric authentication verification nodes of the two adjacent biometric authentication processes: and traversing verification negotiation updating data corresponding to the biological authentication identification verification nodes of two adjacent biological authentication identification processes, and determining a selected first verification process record information combination corresponding to the target verification negotiation updating data. Then, each first verification process record information segment for comprehensive analysis can be determined according to each selected first verification process record information combination, wherein every two adjacent first verification process record information respectively belong to a target verification process record information list corresponding to a biological authentication identification verification node of two adjacent biological authentication identification processes, and the contents in the adjacent first verification process record information are sequentially spliced to obtain self-signed digital certificate matching information of the biological authentication identification verification information.

Based on the above design, in this embodiment, the target verification process record information lists respectively corresponding to the biometric authentication verification nodes in each biometric authentication process are sequentially determined according to the preset credential matching policy; the biometric authentication identification verification node in the biometric authentication identification process is a biometric authentication identification verification node in the biometric authentication identification process obtained by dividing a preset certificate matching strategy according to a corresponding certificate matching key node in the preset certificate matching strategy; determining a first self-signed digital certificate data list corresponding to each target verification process record information list respectively based on first verification process record information, wherein the first verification process record information comprises at least two verification process record information; determining record information of each first verification process according to each first self-signed digital certificate data list, wherein every two adjacent first verification process record information respectively belong to a target verification process record information list corresponding to a biological authentication identification verification node of two adjacent biological authentication identification processes; and sequentially splicing the recorded information of each adjacent first verification process to obtain the self-signed digital certificate matching information of the biometric authentication verification information, thereby overcoming the problem of poor connection effect of the self-signed digital certificate matching information caused by using single verification process recorded information to process each time.

For example, in one possible implementation, step S112 may be implemented by the following exemplary substeps, which are described in detail below.

And a substep S1121, mapping the verification session calling plug-in of the self-signed digital certificate matching information to a session simulation service according to a preset token root certificate node set to obtain a session simulation pointing service of the verification session calling plug-in, and mapping the session simulation pointing service of the verification session calling plug-in to a dynamic library link file node of the root certificate matching attribute model to form a certificate distribution matrix of the root certificate matching attribute model.

In sub-step S1122, a root certificate overlay tag library corresponding to the self-signed digital certificate matching information is extracted from the digital certificate configuration file corresponding to the self-signed digital certificate matching information, and a root certificate overlay tag library corresponding to the self-signed digital certificate matching information is extracted, so as to obtain a root certificate tag parameter corresponding to the self-signed digital certificate matching information.

And a substep S1123 of determining a certificate pointing object of the to-be-keyed certificate node meeting the matching condition of the self-signed digital certificate matching information and a hash calculation rule corresponding to the to-be-keyed certificate node based on the obtained root certificate label parameter, so as to determine the to-be-keyed certificate node meeting the matching condition of the self-signed digital certificate matching information and a one-way hash service segment corresponding to the one-way hash function parameter of the to-be-keyed certificate node.

And a substep S1124, when the certificate pointing object of the to-be-critical certificate node meeting the matching condition is different from the representation certificate pointing object of the current to-be-critical certificate node, converting the representation certificate pointing object of the to-be-critical certificate node to make the representation certificate pointing object of the to-be-critical certificate node consistent with the certificate pointing object of the to-be-critical certificate node meeting the matching condition.

And the substep S1125, respectively mapping the node of the certificate to be critical and the one-way hash service segment in the certificate distribution matrix of the root certificate matching attribute model, and correspondingly obtaining the matrix part at the node of the certificate to be critical and the matrix part at the one-way hash service segment.

And substep S1126, loading the matrix part at the to-be-critical certificate node in the to-be-critical certificate node, and loading the matrix part at the one-way hash service segment in the one-way hash function parameter, so as to collect the key certificate nodes corresponding to the loaded matrix part to obtain a root certificate matching node set.

Based on the same inventive concept, please refer to fig. 3, which shows a functional module diagram of the information management device 300 based on mobile internet and biometric authentication according to the embodiment of the present application, and the embodiment can divide the functional modules of the information management device 300 based on mobile internet and biometric authentication according to the above method embodiment. For example, the functional blocks may be divided for the respective functions, or two or more functions may be integrated into one processing block. The integrated module can be realized in a hardware mode, and can also be realized in a software functional module mode. It should be noted that, in the embodiment of the present application, the division of the module is schematic, and is only one logic function division, and there may be another division manner in actual implementation. For example, in the case of adopting a function module divided for each function, the information management apparatus 300 based on the mobile internet and the biometric authentication shown in fig. 3 is only one apparatus diagram. The mobile internet and biometric authentication-based information management apparatus 300 may include a first obtaining module 310, a second obtaining module 320, an extracting module 330, and an encryption deploying module 340, wherein the functions of the functional modules of the mobile internet and biometric authentication-based information management apparatus 300 are described in detail below.

The first obtaining module 310 is configured to obtain target biometric authentication credentials embedded with a security code calling program corresponding to the plurality of mobile internet devices 200, perform access verification encryption deployment on each mobile internet device 200 according to the target biometric authentication credentials embedded with the security code calling program, and obtain encryption deployment data of each mobile internet device 200, where the mobile internet devices 200 are located in different service member units in a target internet service member group, and the encryption deployment data includes application fingerprint encryption deployment information and access digital watermark encryption deployment information of the mobile internet devices 200. It is understood that the first obtaining module 310 may be configured to perform the step S110, and for a detailed implementation of the first obtaining module 310, reference may be made to the content related to the step S110.

The second obtaining module 320 is configured to obtain terminal access authentication information uploaded by a target service terminal performing bidirectional authentication interconnection with each service member unit, where the terminal access authentication information includes application fingerprint configuration information and access digital watermark configuration information. It is understood that the second obtaining module 320 may be configured to perform the step S120, and for a detailed implementation of the second obtaining module 320, reference may be made to the content related to the step S120.

An extracting module 330, configured to extract, for each service member unit, terminal access authentication information of the service member unit to obtain extraction information, and determine, based on the extraction information, application fingerprint mapping information of the service member unit and access digital watermark mapping information of the service member unit. It is understood that the extracting module 330 can be used to execute the step S130, and for the detailed implementation of the extracting module 330, reference can be made to the contents related to the step S130.

And an encryption deployment module 340, configured to configure an application fingerprint authentication environment of the mobile internet device 200 in the service member unit according to the application fingerprint mapping information of the service member unit and the encryption deployment data of the mobile internet device 200 in the service member unit, and configure an access digital watermark authentication environment of the mobile internet device 200 in the service member unit according to the access digital watermark mapping information of the service member unit. It is understood that the encryption deployment module 340 can be used to perform the step S140, and the detailed implementation manner of the encryption deployment module 340 can refer to the content related to the step S140.

It should be noted that the division of the modules of the above apparatus is only a logical division, and the actual implementation may be wholly or partially integrated into one physical entity, or may be physically separated. And these modules can be realized in the form of software called by processing element; or may be implemented entirely in hardware; and part of the modules can be realized in the form of calling software by the processing element, and part of the modules can be realized in the form of hardware. For example, the first obtaining module 310 may be a separate processing element, or may be integrated into a chip of the apparatus, or may be stored in a memory of the apparatus in the form of program code, and a processing element of the apparatus calls and executes the functions of the first obtaining module 310. Other modules are implemented similarly. In addition, all or part of the modules can be integrated together or can be independently realized. The processing element described herein may be an integrated circuit having signal processing capabilities. In implementation, each step of the above method or each module above may be implemented by an integrated logic circuit of hardware in a processor element or an instruction in the form of software.

For example, the above modules may be one or more integrated circuits configured to implement the above methods, such as: one or more Application Specific Integrated Circuits (ASICs), or one or more microprocessors (DSPs), or one or more Field Programmable Gate Arrays (FPGAs), among others. For another example, when some of the above modules are implemented in the form of a processing element scheduler code, the processing element may be a general-purpose processor, such as a Central Processing Unit (CPU) or other processor that can call program code. As another example, these modules may be integrated together, implemented in the form of a system-on-a-chip (SOC).

Fig. 4 is a schematic diagram illustrating a hardware structure of a cloud service platform 100 for implementing the above-mentioned information management method based on mobile internet and biometric authentication according to an embodiment of the present invention, and as shown in fig. 4, the cloud service platform 100 may include a processor 110, a machine-readable storage medium 120, a bus 130, and a transceiver 140.

In a specific implementation process, the at least one processor 110 executes computer-executable instructions stored in the machine-readable storage medium 120 (for example, the first obtaining module 310, the second obtaining module 320, the extracting module 330, and the encryption deploying module 340 included in the mobile internet and biometric authentication-based information management apparatus 300 shown in fig. 3), so that the processor 110 may execute the mobile internet and biometric authentication-based information management method according to the above method embodiment, where the processor 110, the machine-readable storage medium 120, and the transceiver 140 are connected through the bus 130, and the processor 110 may be configured to control the transceiving action of the transceiver 140, so as to transceive data with the aforementioned mobile internet device 200.

For a specific implementation process of the processor 110, reference may be made to the above-mentioned method embodiments executed by the cloud service platform 100, and implementation principles and technical effects are similar, which are not described herein again.

In the embodiment shown in fig. 4, it should be understood that the Processor may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with the present invention may be embodied directly in a hardware processor, or in a combination of the hardware and software modules within the processor.

The machine-readable storage medium 120 may comprise high-speed RAM memory and may also include non-volatile storage NVM, such as at least one disk memory.

The bus 130 may be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, an Extended ISA (EISA) bus, or the like. The bus 130 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, the buses in the figures of the present application are not limited to only one bus or one type of bus.

In addition, the embodiment of the invention also provides a readable storage medium, wherein the readable storage medium stores computer-executable instructions, and when a processor executes the computer-executable instructions, the information management method based on the mobile internet and the biometric authentication is realized.

Having thus described the basic concept, it will be apparent to those skilled in the art that the foregoing detailed disclosure is to be regarded as illustrative only and not as limiting the present specification. Various modifications, improvements and adaptations to the present description may occur to those skilled in the art, although not explicitly described herein. Such modifications, improvements and adaptations are proposed in the present specification and thus fall within the spirit and scope of the exemplary embodiments of the present specification.

Also, the description uses specific words to describe embodiments of the description. Such as "one possible implementation," "one possible example," and/or "exemplary" means that a particular feature, structure, or characteristic described in connection with at least one embodiment of the specification is included. Therefore, it is emphasized and should be appreciated that two or more references to "one possible implementation," "one possible example," and/or "exemplary" in various places throughout this specification are not necessarily referring to the same embodiment. Furthermore, some features, structures, or characteristics of one or more embodiments of the specification may be combined as appropriate.

Moreover, those skilled in the art will appreciate that aspects of the present description may be illustrated and described in terms of several patentable species or situations, including any new and useful combination of processes, machines, manufacture, or materials, or any new and useful improvement thereof. Accordingly, aspects of this description may be performed entirely by hardware, entirely by software (including firmware, resident software, micro-code, etc.), or by a combination of hardware and software. The above hardware or software may be referred to as "data block," module, "" engine, "" unit, "" component, "or" system. Furthermore, aspects of the present description may be represented as a computer product, including computer readable program code, embodied in one or more computer readable media.

The computer storage medium may comprise a propagated data signal with the computer program code embodied therewith, for example, on baseband or as part of a carrier wave. The propagated signal may take any of a variety of forms, including electromagnetic, optical, etc., or any suitable combination. A computer storage medium may be any computer-readable medium that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code located on a computer storage medium may be propagated over any suitable medium, including radio, cable, fiber optic cable, RF, or the like, or any combination of the preceding.

Computer program code required for the operation of various portions of this specification may be written in any one or more programming languages, including an object oriented programming language such as Java, Scala, Smalltalk, Eiffel, JADE, Emerald, C + +, C #, VB.NET, Python, and the like, a conventional programming language such as C, Visual Basic, Fortran 2003, Perl, COBOL 2002, PHP, ABAP, a dynamic programming language such as Python, Ruby, and Groovy, or other programming languages. The program code may run entirely on the user's computer, as a stand-alone software package, partly on the user's computer, partly on a remote computer, or entirely on the remote computer or cloud service platform. In the latter scenario, the remote computer may be connected to the user's computer through any network format, such as a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet), or in a cloud computing environment, or as a service, such as a software as a service (SaaS).

Additionally, the order in which the elements and lists are processed, the use of alphanumeric characters, or other designations in this specification is not intended to limit the order in which the processes and methods of this specification are performed, unless otherwise specified in the claims. While various presently contemplated embodiments of the invention have been discussed in the foregoing disclosure by way of example, it is to be understood that such detail is solely for that purpose and that the appended claims are not limited to the disclosed embodiments, but, on the contrary, are intended to cover all modifications and equivalent arrangements that are within the spirit and scope of the embodiments herein. For example, although the system components described above may be implemented through interactive services, they may also be implemented through software-only solutions, such as installing the described system on an existing cloud service platform or mobile device.

Similarly, it should be noted that in the preceding description of embodiments of the present specification, various features are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure aiding in the understanding of one or more of the embodiments. This method of disclosure, however, is not intended to imply that more features than are expressly recited in a claim. Indeed, the embodiments may be characterized as having less than all of the features of a single embodiment disclosed above.

It is to be understood that the descriptions, definitions and/or uses of terms in the accompanying materials of this specification shall control if they are inconsistent or contrary to the descriptions and/or uses of terms in this specification.

Finally, it should be understood that the embodiments described herein are merely illustrative of the principles of the embodiments of the present disclosure. Other variations are also possible within the scope of the present description. Thus, by way of example, and not limitation, alternative configurations of the embodiments of the specification can be considered consistent with the teachings of the specification. Accordingly, the embodiments of the present description are not limited to only those embodiments explicitly described and depicted herein.

Claims

1. An information management method based on mobile internet and biometric authentication is applied to a cloud service platform which is in communication connection with a plurality of mobile internet devices, and the method comprises the following steps:

configuring an application fingerprint authentication environment of the mobile internet equipment in the service member unit according to the application fingerprint mapping information of the service member unit and the encrypted deployment data of the mobile internet equipment in the service member unit, and configuring an access digital watermark authentication environment of the mobile internet equipment in the service member unit according to the access digital watermark mapping information of the service member unit;

the service member unit is correspondingly configured with an internet service type of an internet service member in advance, wherein the internet service type comprises a self-media service type and a game service type;

after target biological authentication certificates embedded with security code calling programs corresponding to a plurality of mobile internet devices are obtained, application fingerprint interception indexes and access digital watermark interception indexes matched with the security code calling programs are obtained from the target biological authentication certificates embedded with the security code calling programs, and access verification encryption deployment is carried out on each mobile internet device according to the application fingerprint interception indexes and the access digital watermark interception indexes;

the method comprises the steps that for each target service terminal, bidirectional authentication interconnection is established with each service member unit in advance, specifically, the bidirectional authentication interconnection is established by uploading identity legal authentication information, and corresponding terminal access authentication information is uploaded in real time or every preset time period, wherein the terminal access authentication information comprises application fingerprint configuration information and access digital watermark configuration information, and the terminal access authentication information comprises the application fingerprint configuration information and the access digital watermark configuration information allowed by equipment of the terminal access authentication information or the application fingerprint configuration information and the access digital watermark configuration information expanded through software;

the application fingerprint authentication environment is used for representing an authentication environment of an application fingerprint generated during biological authentication, and the access digital watermark authentication environment is used for representing an authentication environment of a digital watermark related to the application fingerprint generated during biological authentication.

2. The information management method based on mobile internet and biometric authentication of claim 1, wherein the extracting the terminal access authentication information of the service member unit to obtain the extracted information comprises:

3. The information management method based on mobile internet and biometric authentication according to claim 1 or 2, wherein the extracting of the terminal access authentication information of the service member unit to obtain the extracted information comprises:

4. The information management method based on mobile internet and biometric authentication as claimed in claim 1, wherein said determining the application fingerprint mapping information of the service member unit and the access digital watermark mapping information of the service member unit based on the extracted information comprises:

5. The information management method based on mobile internet and biometric authentication as claimed in claim 1, wherein the configuring of the application fingerprint authentication environment of the mobile internet device in the service member unit according to the application fingerprint mapping information of the service member unit and the encrypted deployment data of the mobile internet device in the service member unit comprises:

6. The information management method based on mobile internet and biometric authentication as claimed in claim 1, wherein the configuring of the access digital watermark authentication environment of the mobile internet device in the service member unit according to the access digital watermark mapping information of the service member unit comprises:

acquiring a digital watermark environment adaptation table item corresponding to an access digital watermark authentication environment of mobile internet equipment associated with the service member unit from access digital watermark mapping information of the service member unit, wherein the digital watermark environment adaptation table item is obtained by performing analog matching on access digital watermark signature information in the access digital watermark mapping information of the service member unit in an adaptation mode matched with an environment service identifier of a corresponding digital watermark authentication environment element;

performing trust authorization on the digital watermark environment adaptation table items sent by the corresponding digital watermark authentication environment elements according to trust authorization modes respectively matched with the adaptation modes to obtain corresponding access digital watermark signature information;

respectively carrying out trust authorization enabling on access digital watermark authentication environments of mobile internet equipment of which the access digital watermark signature information is in the service member unit, and determining trust authorization enabling parameters corresponding to the digital watermark authentication environment elements, wherein the trust authorization enabling parameters are used for reflecting a trust authorization enabling public key of the digital watermark authentication environment elements associated with the access digital watermark authentication environments;

screening out a highest priority parameter from trust authorization enabling parameters corresponding to each digital watermark authentication environment element, and determining trust authorization reference parameters corresponding to each digital watermark authentication environment element according to the comparison condition between the trust authorization enabling parameters corresponding to each digital watermark authentication environment element and the highest priority parameter; the trust authorization reference parameter corresponding to the digital watermark authentication environment element is positively correlated with the corresponding comparison condition;

and performing environment configuration on access digital watermark signature information of the digital watermark authentication environment elements with the trust authorization reference parameter covering the set trust authorization reference parameter, obtaining environment configuration blocks of element identifications corresponding to the digital watermark authentication environment elements according to environment configuration identifications in an environment configuration result, and sequentially performing update configuration on the access digital watermark authentication environment of the mobile internet equipment in the service member unit according to each environment configuration block.

7. The information management method based on mobile internet and biometric authentication as claimed in claim 1, wherein after configuring the access digital watermark authentication environment of the mobile internet device in the service member unit according to the access digital watermark mapping information of the service member unit, the method further comprises:

8. The information management method based on mobile internet and biometric authentication according to claim 1, wherein the step of acquiring the target biometric authentication credentials embedded with the security code calling program corresponding to the plurality of mobile internet devices when performing biometric authentication identification comprises:

root certificate node matching is carried out on the self-signed digital certificate matching information according to a preset token root certificate node set, and a root certificate matching node set is obtained;

9. The information management method based on mobile internet and biometric authentication according to claim 1, wherein the step of performing credential matching analysis on the biometric authentication verification information obtained during the biometric authentication process of the mobile internet device within a preset time period to obtain the self-signed digital certificate matching information of the biometric authentication verification information comprises:

10. The information management system based on the mobile internet and the biological authentication is characterized by comprising a cloud service platform and a mobile internet device which is in communication connection with the cloud service platform;

the cloud service platform is used for configuring an application fingerprint authentication environment of the mobile internet equipment in the service member unit according to the application fingerprint mapping information of the service member unit and the encrypted deployment data of the mobile internet equipment in the service member unit, and configuring an access digital watermark authentication environment of the mobile internet equipment in the service member unit according to the access digital watermark mapping information of the service member unit;